Support multiple credentials and ACL #262

Open
sshipway opened this issue Apr 10, 2019 · 1 comment
@sshipway

Is your feature request related to a problem? Please describe.
Sometimes, it is necessary for multiple systems to access the Weakforced API, but you want to separate the credentials for security reasons. It may be that a custom function has the potential to do damage, and you want this to be restricted to just one place.

Describe the solution you'd like
Currently, weakforced supports a single user (wforce) and password for authentication.
Ideally, we would be able to have multiple user:password credentials defined, and to be able to test against the authenticated username in custom functions (so, for example, a custom function could exit with an error unless the authorised credential was used).

Describe alternatives you've considered
Using the same credentials everywhere works, but has obvious security implications, plus making a change to the password means changing it everywhere.
A web proxy could possibly achieve this, but since the functions are selected by parameters rather than by URL path it is more complex.

Additional context
We have 3 applications linked to weakforced for authorisation. We recently had to change the wforce password due to an issue in one application, which meant having to change in all 3 applications (managed by different teams) and test suites. This could be simpler.

@neilcook
Collaborator

BTW in the latest versions of wforce (2.6 onwards) the commands are all available as /command/blah as well as the old-style /?command=blah if that helps...
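
The web-proxy alternative raised in the issue, covering both URL styles mentioned in the comment above, as an added example (not part of the thread and not wforce code): each client credential is verified and the requested command is checked against that credential's ACL before a request would be forwarded. The usernames, passwords, ACL contents and function names are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: per-application credentials and the commands each may call.
CREDENTIALS = {
    "webmail": ("constructed-pw-1", {"allow", "report"}),
    "helpdesk": ("constructed-pw-2", {"reset"}),
}

def authenticate(authorization_header):
    """Return the username from a valid HTTP Basic header, else None."""
    scheme, _, blob = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    entry = CREDENTIALS.get(user)
    # Always run the comparison, so unknown users take the same code path.
    expected = entry[0] if entry else ""
    matches = hmac.compare_digest(password.encode(), expected.encode())
    return user if (sep and entry and matches) else None

def requested_command(url):
    """Return the command named by /command/<name> or /?command=<name>, else None."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    from_query = parse_qs(parts.query).get("command", [])
    if len(segments) == 2 and segments[0] == "command":
        candidates = {segments[1], *from_query}
    elif not segments:
        candidates = set(from_query)
    else:
        return None
    # Ambiguous requests (two different commands, or none) are refused.
    return candidates.pop() if len(candidates) == 1 else None

def decide(authorization_header, url):
    """Return (HTTP status, user): 401 bad credential, 403 outside ACL, 200 forward."""
    user = authenticate(authorization_header)
    if user is None:
        return 401, None
    command = requested_command(url)
    if command is None or command not in CREDENTIALS[user][1]:
        return 403, user
    return 200, user
```

A proxy built on this would forward only requests that return 200, substituting the single backend credential on the upstream connection, so rotating one application's password no longer touches the others.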
